Merge from trunk

author: Ryan Lane <laner@controller> 2010-11-30 22:34:01 +0000
committer: Ryan Lane <laner@controller> 2010-11-30 22:34:01 +0000
commit: 2cf46f1fb4384c476a6d3b31e71c266a67a4afd2 (patch)
tree: 1ab223d2116e12c68816f44c9b693dbdf4390664 /nova/auth
parent: 7d462fd04cf799689bcbea0b926f0bd38e64869c (diff)
parent: 5269e689046276093b59c5a55ab9ecd3b3ed01b1 (diff)
5 files changed, 132 insertions, 109 deletions
diff --git a/nova/auth/nova_openldap.schema b/nova/auth/nova_openldap.schema
new file mode 100644
index 000000000..4047361de
--- /dev/null
+++ b/nova/auth/nova_openldap.schema
@@ -0,0 +1,84 @@
+#
+# Person object for Nova
+# inetorgperson with extra attributes
+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
+#
+#
+
+# using internet experimental oid arc as per BP64 3.1
+objectidentifier novaSchema 1.3.6.1.3.1.666.666
+objectidentifier novaAttrs novaSchema:3
+objectidentifier novaOCs novaSchema:4
+
+attributetype (
+    novaAttrs:1
+    NAME 'accessKey'
+    DESC 'Key for accessing data'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:2
+    NAME 'secretKey'
+    DESC 'Secret key'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:3
+    NAME 'keyFingerprint'
+    DESC 'Fingerprint of private key'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:4
+    NAME 'isAdmin'
+    DESC 'Is user an administrator?'
+    EQUALITY booleanMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributetype (
+    novaAttrs:5
+    NAME 'projectManager'
+    DESC 'Project Managers of a project'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+objectClass (
+    novaOCs:1
+    NAME 'novaUser'
+    DESC 'access and secret keys'
+    AUXILIARY
+    MUST ( uid )
+    MAY  ( accessKey $ secretKey $ isAdmin )
+    )
+
+objectClass (
+    novaOCs:2
+    NAME 'novaKeyPair'
+    DESC 'Key pair for User'
+    SUP top
+    STRUCTURAL
+    MUST ( cn $ sshPublicKey $ keyFingerprint )
+    )
+
+objectClass (
+    novaOCs:3
+    NAME 'novaProject'
+    DESC 'Container for project'
+    SUP groupOfNames
+    STRUCTURAL
+    MUST ( cn $ projectManager )
+    )
diff --git a/nova/auth/nova_sun.schema b/nova/auth/nova_sun.schema
new file mode 100644
index 000000000..e925e05e4
--- /dev/null
+++ b/nova/auth/nova_sun.schema
@@ -0,0 +1,16 @@
+#
+# Person object for Nova
+# inetorgperson with extra attributes
+# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
+# Modified for strict RFC 4512 compatibility by: Ryan Lane <ryan@ryandlane.com>
+#
+# using internet experimental oid arc as per BP64 3.1
+dn: cn=schema
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.1 NAME 'accessKey' DESC 'Key for accessing data' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.2 NAME 'secretKey' DESC 'Secret key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.3 NAME 'keyFingerprint' DESC 'Fingerprint of private key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.4 NAME 'isAdmin' DESC 'Is user an administrator?' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 
+attributeTypes: ( 1.3.6.1.3.1.666.666.3.5 NAME 'projectManager' DESC 'Project Managers of a project' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.1 NAME 'novaUser' DESC 'access and secret keys' SUP top AUXILIARY MUST ( uid ) MAY  ( accessKey $ secretKey $ isAdmin ) ) 
+objectClasses: ( 1.3.6.1.3.1.666.666.4.2 NAME 'novaKeyPair' DESC 'Key pair for User' SUP top STRUCTURAL MUST ( cn $ sshPublicKey $ keyFingerprint ) )
+objectClasses: ( 1.3.6.1.3.1.666.666.4.3 NAME 'novaProject' DESC 'Container for project' SUP groupOfNames STRUCTURAL MUST ( cn $ projectManager ) )
diff --git a/nova/auth/openssh-lpk_openldap.schema b/nova/auth/openssh-lpk_openldap.schema
new file mode 100644
index 000000000..93351da6d
--- /dev/null
+++ b/nova/auth/openssh-lpk_openldap.schema
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+	DESC 'MANDATORY: OpenSSH Public key'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+	DESC 'MANDATORY: OpenSSH LPK objectclass'
+	MAY ( sshPublicKey $ uid )
+	)
diff --git a/nova/auth/openssh-lpk_sun.schema b/nova/auth/openssh-lpk_sun.schema
new file mode 100644
index 000000000..5f52db3b6
--- /dev/null
+++ b/nova/auth/openssh-lpk_sun.schema
@@ -0,0 +1,10 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+# 
+# Schema for Sun Directory Server.
+# Based on the original schema, modified by Stefan Fischer.
+#
+dn: cn=schema
+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' MAY ( sshPublicKey $ uid ) )
diff --git a/nova/auth/slap.sh b/nova/auth/slap.sh
index fdc0e39dc..797675d2e 100755
--- a/nova/auth/slap.sh
+++ b/nova/auth/slap.sh
@@ -20,115 +20,9 @@
 
 apt-get install -y slapd ldap-utils python-ldap
 
-cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF
-#
-# LDAP Public Key Patch schema for use with openssh-ldappubkey
-# Author: Eric AUGE <eau@phear.org>
-#
-# Based on the proposal of : Mark Ruijter
-#
-
-
-# octetString SYNTAX
-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
-	DESC 'MANDATORY: OpenSSH Public key'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-# printableString SYNTAX yes|no
-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
-	DESC 'MANDATORY: OpenSSH LPK objectclass'
-	MAY ( sshPublicKey $ uid )
-	)
-LPK_SCHEMA_EOF
-
-cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF
-#
-# Person object for Nova
-# inetorgperson with extra attributes
-# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
-#
-#
-
-# using internet experimental oid arc as per BP64 3.1
-objectidentifier novaSchema 1.3.6.1.3.1.666.666
-objectidentifier novaAttrs novaSchema:3
-objectidentifier novaOCs novaSchema:4
-
-attributetype (
-    novaAttrs:1
-    NAME 'accessKey'
-    DESC 'Key for accessing data'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetype (
-    novaAttrs:2
-    NAME 'secretKey'
-    DESC 'Secret key'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetype (
-    novaAttrs:3
-    NAME 'keyFingerprint'
-    DESC 'Fingerprint of private key'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetype (
-    novaAttrs:4
-    NAME 'isAdmin'
-    DESC 'Is user an administrator?'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetype (
-    novaAttrs:5
-    NAME 'projectManager'
-    DESC 'Project Managers of a project'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-objectClass (
-    novaOCs:1
-    NAME 'novaUser'
-    DESC 'access and secret keys'
-    AUXILIARY
-    MUST ( uid )
-    MAY  ( accessKey $ secretKey $ isAdmin )
-    )
-
-objectClass (
-    novaOCs:2
-    NAME 'novaKeyPair'
-    DESC 'Key pair for User'
-    SUP top
-    STRUCTURAL
-    MUST ( cn $ sshPublicKey $ keyFingerprint )
-    )
-
-objectClass (
-    novaOCs:3
-    NAME 'novaProject'
-    DESC 'Container for project'
-    SUP groupOfNames
-    STRUCTURAL
-    MUST ( cn $ projectManager )
-    )
-
-NOVA_SCHEMA_EOF
+abspath=`dirname "$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"`
+cp $abspath/openssh-lpk_openldap.schema /etc/ldap/schema/openssh-lpk_openldap.schema
+cp $abspath/nova_openldap.schema /etc/ldap/schema/nova_openldap.schema
 
 mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig
 cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF
author	Ryan Lane <laner@controller>	2010-11-30 22:34:01 +0000
committer	Ryan Lane <laner@controller>	2010-11-30 22:34:01 +0000
commit	2cf46f1fb4384c476a6d3b31e71c266a67a4afd2 (patch)
tree	1ab223d2116e12c68816f44c9b693dbdf4390664 /nova/auth
parent	7d462fd04cf799689bcbea0b926f0bd38e64869c (diff)
parent	5269e689046276093b59c5a55ab9ecd3b3ed01b1 (diff)